Many criminal and cyber attackers took advantage of Canadian seniors and other individuals during the 2020 global economic and health crisis by creating websites or sending SMS text messages and tricking people into giving personal information like passwords or bank account and credit card numbers. These websites or senders disguised themselves as credible sources such as the Government of Canada or established Canadian banks.

This types of attacks or scams are called phishing scams. They are a common tactic that cyber criminals use to steal personal and financial information from you. Phishing messages usually take the form of an email or phone call from a cyber criminal who is pretending to be someone they are not, such as your bank.

1. What does phishing appear?

   Phishing messages appear to be from a legitimate source but, in reality, they are from cyber criminals who are attempting to trick you into sharing sensitive information. In these messages, cyber criminals frequently use scare tactics, such as threatening to close your accounts or arrest you unless you give them information that you would ordinarily keep secure. If successful, the cyber criminal can use that information to steal your identity or to gain access to your accounts.

   For example, many cyber criminals claim to be from government organizations and threaten potential victims with fines or an arrest if they don’t call them back with personal information.

2. Different forms of phishing

   Phishing refers to any attempt to steal information, whatever the means. Phishing messages can come in almost any form: Emails, text messages, social media direct messages, or phone calls.

   In most cases, cyber criminals’ phishing campaigns are untargeted attempts to solicit personal details by casting as wide a net as possible to get people to respond.

   However, there are more specific versions of phishing that are worth knowing about:

   Smishing

   Is a phishing attempt through SMS (text message).

   Spearphishing

   Is a hyper-targeted phishing attempt in which a message is designed to sound like it’s coming from a source you know personally.

   Whaling

   Is a phishing attempt aimed at a high-profile target such as a senior executive or other high-ranking official in an organization or government department.

   Spoofing

   Involves creating a fake website to get someone to share their personal information.

3. 8 red flags for detecting a phishing scam

   • Email and domain don’t match
   • Severe spellikgorgrammaitcal mistakes
   • Offers or rewards that are too good to be true
   • Requests for money
   • Urgency, threats, or unrealistic risks
   • Suspicious government agencies
   • Suspicious email attachments
   • Ask for your credentials

When you receive a message or email that raise suspicion, don’t open click on the link(s) in the email or provide any personal information. You can check with the source email sender such as the bank that the email sender claims to be from and see if the bank has sent such email. If the source hasn’t and the email sender appears to be a hacker or fraudster, disregard the email and report the email as spam in your email service.